To those WAA members who voted for me, thank you. To the WAA members who didn’t vote for me, I hope I’ll earn your respect. To the analytics professionals that aren’t WAA members — we should talk!

As an aside – it’s going to be interesting being part of this new group. All four of us are VPs in good-sized organizations, and probably used to “calling the shots” to some degree. Working with a non-profit organization of dedicated professionals, all of whom volunteer out of their passion for the industry, is going to be a great learning experience.

Our debut board meeting was in Boston, the day after the WAA Boston Symposium. The first item on the agenda was an orientation for the new folks (all board members attended, except for Jim Sterne who had a prior commitment). After sitting like good newbies for all of maybe 15 minutes, one of us (name redacted to protect the innocent) politely but firmly started asking pointed questions like “what are the success targets? Where are the metrics? etc.” We hadn’t even gotten to basics like how the association conducts its business and already people are demanding data. Smiles all around! The next few hours continued something of the same – materials had been prepared, but we had questions and went straight to them. Prior to the meeting I wondered if the board had some kind of hazing ritual for the new folks, but I think the existing board was on the receiving end of a lot of the hazing. 🙂 Suffice to say I do not think the four new directors are going to be passive wallflowers.

As I get deeper into it, I’ll try to provide regular updates here – not on official business, there’s already a web site for that, and a monthly newsletter. Obviously, I’m only speaking for myself. Instead I’ll look at whether or not I’m doing anything useful as a director. If the only time you hear from me is when I want to get elected, that’s too late, eh?

Meanwhile, and as always, I’m interested in your questions, comments and observations about the WAA.

So I thought – at least one blog post a month won’t be difficult, right?

Right.

Then in February, right before I was scheduled to speak at eTail West, I get an ominous email from Google saying my blog is spewing malware. I immediately checked and was convinced the email was legit. Oh crap. Later Google would complain about many more sites I host, here’s an example email:

I host a number of sites (including some blogs, a mail server, a personal photo gallery, two commercial sites and a non-profit group) and all of them were compromised. So I disabled all the web sites until I returned from eTail. When I got back home, I cleaned and rebuilt each site one-by-one. During the rebuilds, sites were getting re-infected, and it was difficult to find the attack vector. The web wasn’t any help, except that I got a good appreciation for some of the old security issues in WordPress and its plugins – none of which I was experiencing.

It turns out that while bobpage.net was up-to-date with its software, another locally-hosted site was not, and got compromised. The attack granted access to the local file system, so every web site I hosted got infected. Nice. Once I installed some hand-rolled logging software I saw how quickly a site would get hit, and then infect everything else.

Finally I learned enough to understand this particular attack, and I installed various intrusion detection, firewall and logging packages, just in case, and turned on sites one-by-one until I was satisfied I had everything back under control. The whole thing probably took me two weeks to fix, since I couldn’t just drop everything else I was doing. But it did consume most of an entire weekend.

As to what the malware did, I never really looked. As long as it was gone I was satisfied.

Back in the day I ran all my own machines & software, built around FreeBSD and Linux. One day I decided there were better things to do than to continually monitor every mail list and patch my system software. So I switched my machines to Mac and went to outsourced hosting. That doesn’t solve everything but it did lower the administrative burden, because I was putting my faith in others who claimed they were up to the task. But I couldn’t fully give up everything, so I went with a self-administered version of WordPress instead of using the hosting and software available at wordpress.com. As a result, a slip-up in my software patching caused me days of hassle.

That was late February – early March. For now, I’m still using my own hosted version of WordPress, because I keep telling myself it gives me lots of flexibility should I want/ need it. Today I installed the latest patches, checked my logs, and decided it was safe to blog again (for some definition of ‘safe’). I’m not a big fan of blogging about blogging, but the larger story is that no matter how remote and isolated you think you are, you’re running buggy software at the end of some IP address. The scanners will find you, and the scammers will take advantage if they are able. Whether or not you care depends on how much control/flexibility you want. But I guess with great flexibility comes great responsibility, or something like that.